Libvirt Security Notice: LSN-2013-0008
        ======================================

       Summary: Libvirt security driver does not clear
                supplementary groups
   Reported on: 20130805
  Published on: 20130805
      Fixed on: 20130829
   Reported by: Eric Blake <eblake@redhat.com>
    Patched by: Eric Blake <eblake@redhat.com>
      See also: CVE-2013-4291

Description
-----------

When parsing the process security label for the DAC driver the list
of supplementary groups was not initialized. This would lead to the
QEMU process inheriting supplementary groups from the libvirtd
daemon.

Impact
------

The QEMU processes inherit supplementary groups libvirtd which may
lead to it being granted access to in appropriate resources

Workaround
----------

Ensure a MAC driver such as SELinux or AppArmour is used to confine
the QEMU processes, so that a compromised QEMU cannot take advantage
of the inherited supplementary groups.

Affected product
----------------

        Name: libvirt
  Repository: https://gitlab.com/libvirt/libvirt

      Branch: master
   Broken in: v1.1.1
    Fixed in: v1.1.2
   Broken by: 29fe5d745fbe207ec2415441d4807ae76be05974
    Fixed by: 745aa55fbf3e076c4288d5ec3239f5a5d43508a6

      Branch: v0.10.2-maint
   Broken in: v0.10.2.7
    Fixed in: v0.10.2.8
   Broken by: c061ff5e4acb7ce92b59775f986d1b18b86ce43c
    Fixed by: 53b882aad57ed9bbe4188128e9db2f1aecd3fb48

      Branch: v1.1.1-maint
   Broken by: 29fe5d745fbe207ec2415441d4807ae76be05974
    Fixed by: d23cf2c91b32a715aae9beeaac04fc36924e0f56